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DETAILED ACTION 

1 . Claims 1 - 6 have been examined. 

Response to Arguments 

2. Applicant's arguments filed 10 May 2006 have been fully considered but they are 
not persuasive. 

3. In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., the new address is different than the request address) are not recited in the 
rejected claim(s). Although the claims are interpreted in light of the specification, 
limitations from the specification are not read into the claims. See In re Van Geuns, 988 
F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

4. In response to applicant's arguments against the references individually, one 
cannot show nonobviousness by attacking references individually where the rejections 
are based on combinations of references. See In re Keller, 642 F.2d 413, 208 
USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 
1986). 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 
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A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 



States. 

5. Claim 1 is rejected under 35 U.S.C. 102(b) as being anticipated by US Patent 
No. 5,870,467 (hereinafter Imai). 

As per claim 1 , Imai teaches an IO requesting method of issuing an IO request 
(Figure 1 Item 1 1 , Col 8 Lines 1 5 - 35) to a storage apparatus (Col 8 Line 64 - Col 9 
Line 7) of a computer system by execution of a program in said computer system (Col 8 
Lines 15 - 35), wherein a program identifier set in advance (Col 9 Lines 8 - 21) in said 
program and a request address are applied to a first function for inputting two values to 
generate one value used as a new address with said program identifier appended 
thereto, and said IO request is issued by using said new address (Figure 1 Item 11, Col 
4 Lines 35 - 60, Col 5 Lines 1 6 - 47, Col 26 Lines 1 8 - 45). 



The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



6. Claims 2 - 6 are rejected under 35 U.S.C. 103(a) as being unpatentable over US 
Patent No. 5,870,467 (hereinafter Imai) in view of US Patent Application Publication No. 



Claim Rejections - 35 USC § 103 
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As per claim 2, Imai teaches a computer executing a first program issuing an IO 
request to a storage apparatus and a second program for collecting said IO request and 
transmitting said IO request as an IO command to said storage apparatus (Imai; Col 6 
Lines 12-52) wherein a program identifier set in advance in said first program (Imai; 
Figure 1 Item 1 1 , Col 9 Lines 8 - 23) and a request address are applied to a first 
function for inputting two values, that is, said program identifier and said request 
address, to generate one value used as a new address with said program identifier 
appended thereto, and said IO request is issued by using said new address (Imai; 
Figure 1, Col 4 Lines 35-60, Col 5 Lines 16-47, Col 26 Lines 18-45); if said IO 
request is an IO request issued to a logical volume existing in said storage apparatus as 
a logical volume prescribed to be a protected logical volume, a second function for 
carrying out an operation to input one value for generation of two output values as an 
operation inverse to that of said first function generates an original request address and 
a program identifier, that is, said two output values, from said one input value, that is an 
address specified in said IO request as said new address (Imai; Figure 1 , Col 4 Lines 35 
- 60, Col 5 Lines 1 6 - 47, Col 26 Lines 1 8 - 45); said second program has a table 
associating a program identifier, a logical volume existing in said storage apparatus and 
a network address with each other (Imai; Col 6 Lines 12 - 34). 

Imai does not teach wherein said table is searched for a network address 
associated with said generated program identifier and a logical volume indicated by said 
generated original request address and a communication with said storage apparatus is 
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carried out by using said network address as an address of a transmission originator in 
order to issue an IO command to said original request address. 

However, Umebayashi teaches wherein said table is searched for a network 
address associated with said generated program identifier and a logical volume 
indicated by said generated original request address and a communication with said 
storage apparatus is carried out by using said network address as an address of a 
transmission originator in order to issue an IO command to said original request 
address (Umebayashi; Figure 1, Paragraphs [0041] - [0043]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to have modified the teachings of Imai to include wherein 
said table is searched for a network address associated with said generated program 
identifier and a logical volume indicated by said generated original request address and 
a communication with said storage apparatus is carried out by using said network 
address as an address of a transmission originator in order to issue an IO command to 
said original request address because doing so would prevent a possibility for a 
malicious system manager to rewrite the access rights for writing data, or to utilize the 
writing data improperly under by reading and writing under the right given to the system 
manager (Imai; Col 2 Lines 47 - 52). 

As per claim 3, Imai teaches a computer system comprising one or more 
computers and one or more storage apparatus connected to said computers by a 
network apparatus (Imai; Figure 1 , Col 8 Lines 45 - 65) wherein in each of said 
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computers a first program issuing an IO request (Imai; Figure 1 Item 1 1 , Col 9 Lines 8 - 
23) to a storage apparatus and a second program for collecting said IO request (Imai; 
Figure 1 Item 10) and transmitting said IO request as an IO command to said storage 
apparatus are executed (Imai; Figure 1 , Col 8 Lines 45 - 65); a program identifier set in 
advance in said first program (Imai; Figure 1 Item 1 1 , Col 9 Lines 8 - 23) and a request 
address are applied to a first function for inputting two values, that is, said program 
identifier and said request address, to generate one value used as a new address with 
said program identifier appended thereto, and said IO request is issued by using said 
new address (Imai; Figure 1, Col 4 Lines 36-60, Col 5 Lines 16-46, Col 26 Lines 18 
-45); said second program has a table associating a program identifier, a logical 
volume existing in said storage apparatus and a network address with each other (Imai; 
Col 6 Lines 12 - 34); and if said IO request is an IO request issued to a logical volume 
existing in said storage apparatus as a logical volume prescribed to be a protected 
logical volume, a second function for carrying out an operation to input one value for 
generation of two output values as an operation inverse to that of said first function 
generates an original request address and a program identifier, that is, said two output 
values, from said one input value, that is an address specified in said IO request as said 
new address (Imai; Figure 1 , Col 4 Lines 35 - 60, Col 5 Lines 1 6 - 47, Col 26 Lines 1 8 
- 45), and on the basis of said network address used as an address of a transmission 
originator, said network apparatus determines whether or not a communication with said 
storage apparatus can be carried out (Imai; Figure 2 Items S24 and S27, Col 5 Lines 16 
-47). 
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Imai does not teach wherein said table is searched for a network address 
associated with said generated program identifier and a logical volume indicated by said 
generated original request address and a communication with said storage apparatus is 
carried out by using said network address as an address of a transmission originator in 
order to issue an IO command to said original request address. 

However, Umebayashi teaches wherein said table is searched for a network 
address associated with said generated program identifier and a logical volume 
indicated by said generated original request address and a communication with said 
storage apparatus is carried out by using said network address as an address of a 
transmission originator in order to issue an IO command to said original request 
address (Umebayashi; Figure 1, Paragraphs [0041] - [0043]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to have modified the teachings Imai to include wherein 
- said table is searched for a network address associated with said generated program 
identifier and a logical volume indicated by said generated original request address and 
a communication with said storage apparatus is carried out by using said network 
address as an address of a transmission originator in order to issue an IO command to 
said original request address because doing so would prevent a possibility for a 
malicious system manager to rewrite the access rights for writing data, or to utilize the 
writing data improperly under by reading and writing under the right given to the system 
manager (Imai; Col 2 Lines 47 - 52). 
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As to claim 4, Imai also teaches wherein, in place of said network apparatus, said 
storage apparatus determines whether or not an access to a logical volume existing in 
said storage apparatus can be made (Imai; Col 6 Lines 12 - 34). 

As to claim 5, Imai teaches an access control method adopted for a storage 
apparatus said method comprises the steps of recognizing a received IO command as 
an IO command issued to a logical volume existing in said storage apparatus as a 
logical volume prescribed to be a logical volume protected from a received IO command 
(Imai; Figure 2 Items S24 and S27, Col 6 Lines 12-34, Col 8 Lines 15-34, Col 9 
Lines 8 - 23); using a second function for inputting one value to generate two output 
values as a function for obtaining a second address and a program identifier, that is, 
said two output values, from said one value, that is a first address specified in said IO 
command (Imai; Col 5 Lines 15 - 59); determining whether or not an access to said 
logical volume can be made on the basis of said program identifier and an association 
table (Imai; Col 8 Line 45 - Col 9 Line 23); and replacing said first address specified in 
said IO command with said second address and processing said IO command in case 
an access by using said IO command is determined to be an access that can be made 
(Imai; Col 8 Line 45 - Col 9 Line 23, Col 10 Lines 10 - 50). 

Imai does not teach wherein said association table is provided as a table for 
associating a logical volume identifier with a program identifier for identifying a program 
allowed to make an access to a logical volume identified by said logical volume 
identifier. 
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However, Umebayashi teaches wherein said association table is provided as a 
table for associating a logical volume identifier with a program identifier for identifying a 
program allowed to make an access to a logical volume identified by said logical volume 
identifier (Umebayashi; Figure 1, Paragraphs [0041] - [0043]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to have modified the teachings of Imai to include wherein 
said association table is provided as a table for associating a logical volume identifier 
with a program identifier for identifying a program allowed to make an access to a 
logical volume identified by said logical volume identifier because doing so would 
prevent a possibility for a malicious system manager to rewrite the access rights for 
writing data, or to utilize the writing data improperly under by reading and writing under 
the right given to the system manager (Imai; Col 2 Lines 47 - 52). 

As to claim 6, Imai teaches an access control method adopted for a storage 
apparatus said method comprises the steps of recognizing a received IO command as 
an IO command included in a packet transmitted through a network as an IO command 
issued to a logical volume existing in said storage apparatus as a logical volume 
prescribed to be a logical volume protected from a received IO command (Imai; Col 5 
Lines 15-59, Col 8 Line 45 - Col 9 Line 23); using a second function for inputting one 
value to generate two outputs as a function for obtaining a second address and a 
program identifier, that is, said two output values, from said one value, that is, a first 
address specified in said IO command (Imai; Col 5 Lines 15 - 59); determining whether 
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or not said pocket can be transferred to said storage apparatus on the basis of said 
program identifier and an association table (Imai; Col 8 Line 45 - Col 9 Line 23); and 
replacing said first address specified in said IO command with said second address and 
transmitting said packet in case an access by using said IO command is determined to 
be an access that can be made (Imai; Col 8 Line 45 - Col 9 Line 23, Col 10 Lines 10 - 
50). 

Imai does not teach wherein said association table is provided as a table for 
associating a storage apparatus identifier for identifying said storage apparatus, a 
logical volume identifier for identifying a logical volume existing in said storage 
apparatus and a program identifier for identifying a program allowed to make an access 
to said logical volume identified by said logical volume identifier with each other. 

However, Umebayashi teaches wherein said association table is provided as a 
table for associating a storage apparatus identifier for identifying said storage 
apparatus, a logical volume identifier for identifying a logical volume existing in said 
storage apparatus and a program identifier for identifying a program allowed to make an 
access to said logical volume identified by said logical volume identifier with each other 
(Umebayashi; Figure 1, Paragraphs [0041] - [0043]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to have modified the teachings of Imai to include wherein 
said association table is provided as a table for associating a storage apparatus 
identifier for identifying said storage apparatus, a logical volume identifier for identifying 
a logical volume existing in said storage apparatus and a program identifier for 
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identifying a program allowed to make an access to said logical volume identified by 
said logical volume identifier with each other because doing so would prevent a 
possibility for a malicious system manager to rewrite the access rights for writing data, 
or to utilize the writing data improperly under by reading and writing under the right 
given to the system manager (Imai; Col 2 Lines 47 - 52). 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Richard Franklin whose telephone number is (571) 272- 
0669. The examiner can normally be reached on M-F. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Fritz Fleming can be reached on (571) 272-4145. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Richard Franklin 
Patent Examiner 
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